Problem
One or more policies is not being applied to certain Users or Groups; IWSVA is configured
for ICAP mode and is using the LDAP User identification method.
Reason
Some ICAP client, including NetCache version 5.6.2 R1+, do not forward the "Proxy-Authorization"
header when making requests to IWSVA. As a result, IWSVA is unable to identify the
user credentials during the ICAP Response modification phase.
Solution
To work around this issue you need to enable the user IP cache in the IWSVA configuration
file.
-
Log into the IWSVA CLI interface and change to enable mode.
-
Type the following command to change the IWSVA configuration file to enable the user
IP cache:
configure module ldap ipuser_cache enable
(The parameter can be used in an environment of dynamic client IP addresses to preserve
the unique identify a client machine).
 |
Note
IP caching should normally be enabled; do not disable it except in environments where
the IP address cannot be used to identify Web clients. For example, a network where
multiple Web clients are routed through an HTTP proxy before their requests arrive
at an ICAP Web cache, or one where the dynamic reassignment of IP addresses is very
frequent (for example, every few minutes).
|
